How the iPod Will Change the Face of Computer Security

Apple probably didn't intend it, but the iPod will likely prove to be an important stepping stone toward solving a problem that has faced computer scientists for more than 30 years. Bruce Potter explains.

The iPod has caused a bit of a revolution in the music industry. By making
the iPod incredibly user-friendly and providing affordable content, Apple has
put more than 28 million iPods in the hands of consumers all over the world
(with 10 million more expected to be sold before Christmas 2005). Consumers now
expect that they can access legal music on demand for a dollar a song rather
than having to go to the store to buy a CD for $15. And with the iPod you can
listen to your massive music collection at home, in your iPod-enabled car, at
the office, and at friends' parties. No more messing around with CD binders
or a laptop full of music.

None of this is a surprise. We're all familiar with the iPod and its
impact on society. It has become a household name. But from a security
perspective, the iPod hasn't created the same ripple. Why should it? After
all, it's simply a consumer electronic device.

Or is it?

Gartner issued a report in 2004 on how an iPod can be used to remove data from
a corporate network. The iPod does double duty as a USB mass storage device and
can serve the same role as a USB pen drive, while looking far less conspicuous.
Many people discounted Gartner's report, however, because USB storage tokens
come in all shapes and sizes and it seems silly to single out the iPod for this
purpose.

The big impact that the iPod will have on computer security is still in the
future. Apple probably didn't intend it, but the iPod will likely prove to
be an important stepping stone toward solving a problem that has faced computer
scientists for more than 30 years.

Controlling Data

Controlling access to data and resources is essentially the foundation of
computer security. Many methods and mechanisms can be used to accomplish this
type of access control, but historically they're generally software-only
solutions. Further, most access control mechanisms are vulnerable to software
bugs and implementation errors that can lead to data compromise. Also, these
access control mechanisms must trust the environment or host on which they're
running, in order to control access to data. If the host itself is compromised,
the access control provided by the software is generally completely violated.

In 1971, Butler Lampson authored a paper titled "Protection," in
which he puts forth the idea of multiple domains of information running on
a single host. The general idea is that each domain would execute independently
and with potentially different rights existing for programs in each domain.
Lampson's ideas became a sort of Holy Grail for computer scientists—provable
separation of data and processing running on the same host.

Lampson's vision has many implications. For many years, the U.S. Department
of Defense has pursued multi-level security (MLS) systems, in which
data from different classification levels could be examined and processed on
one system. In current systems, data from multiple classification levels must
run on different computers because existing security mechanisms are not strong
enough to keep data separate. For content providers such as record companies,
Lampson's idea will allow them to ensure that their content is accessed
only in a manner of which they approve. For instance, a system that has these
domains implemented could enforce that MP3 files be read only by trusted and
authorized programs.

The problem with reaching Lampson's vision is that it's nearly impossible
to achieve complete control of data with a software-only solution. Complex
software is difficult to create in a 100% secure manner; therefore, the access
control mechanisms are not fully trustworthy. Also, the access control mechanisms
themselves are complicated and require interaction with the user, the data "owner,"
management entities, and so on. It may look simple on paper, but Lampson's vision has
been elusive for more than three decades.